[Koha-bugs] [Bug 34650] Editing/deleting lists from toolbar on virtualshelves/shelves.pl causes CSRF error
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Sep 1 11:47:37 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34650
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #154956|0 |1
is obsolete| |
--- Comment #13 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 155090
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=155090&action=edit
Bug 34650: Convert list toolbar delete into form POST
This patch adds a HTML form with a CSRF token to POST the list delete,
which is triggered by a click handler on the A element. The A element
is still needed for existing style reasons.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. In the staff interface, add a list
3. Go into that list (e.g. virtualshelves/shelves.pl?op=view&shelfnumber=X)
4. From the toolbar click the "Edit" dropdown
5. From the dropdown try either "Edit list" or "Delete list"
6. Note no CSRF error and operation completes as expected
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list